• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Kudos0

Intrusion Blocked

I am new to the board, so I am not sure if this is the right section to be posting this topic in. I apologize if it isn't in advance.

I have a few questions about intrusion prevention. I am wondering why my computer keeps being attacked randomly by the same IP addy almost every time? It is always blocked when they try. I traced the IP addy and got an address from the same city in which I live. It is coming from a business building, but the suite number that it is attacking from as far as I know is not an actual business like many others in the building. Is it possible that this may be a hacker? I find it weird that it is almost always from the same IP. Should I change my IP? Will this deter this "person" from trying to attack my computer if I do? Also, why is this happening so often? I am very computer savvy so any help anyone can give me would be great. Thanks in advance!

Replies

Kudos0

Re: Intrusion Blocked

I am new to the board, so I am not sure if this is the right section to be posting this topic in. I apologize if it isn't in advance.

I have a few questions about intrusion prevention. I am wondering why my computer keeps being attacked randomly by the same IP addy almost every time? It is always blocked when they try. I traced the IP addy and got an address from the same city in which I live. It is coming from a business building, but the suite number that it is attacking from as far as I know is not an actual business like many others in the building. Is it possible that this may be a hacker? I find it weird that it is almost always from the same IP. Should I change my IP? Will this deter this "person" from trying to attack my computer if I do? Also, why is this happening so often? I am very computer savvy so any help anyone can give me would be great. Thanks in advance!

Kudos0

Re: Intrusion Blocked

Its not necessarily somebody hacking you. Your pc gets pinged for a lot of various reasons. It could even be your ISP pinging out to you.
Real Time Protection = NIS 2009 + NATBehavior Analysis = ThreatfireOn Demand = MBAM
Kudos0

Re: Intrusion Blocked

No I do not have a router. Would that help do you think?

So you are saying my ISP is ping & tracerouting my computer? What would be the reason behind that?

Kudos0

Re: Intrusion Blocked

Having a hardware firewall is a very good step in the right direction.
Real Time Protection = NIS 2009 + NATBehavior Analysis = ThreatfireOn Demand = MBAM
Kudos0

Re: Intrusion Blocked

Ok where do you think I would find one that is inexpensive in Canada? Also the question about my ISP provider was not answered. Why would they be pinging my computer?
Kudos0

Re: Intrusion Blocked

I only said it maybe your ISP. It can also be your modem just pinging out a signal and that signal coming back. Is there a Bestbuy near you? Also you can go on Newegg.con for some great deals.
Real Time Protection = NIS 2009 + NATBehavior Analysis = ThreatfireOn Demand = MBAM
Kudos0

Re: Intrusion Blocked

If you have N.I.S., a Hard Firewall is not really required since you have symantec's excellent Two-Way Firewall.  Then you've got I.P. [Intrusion Prevention] and finally Auto-Protect and on-demand Scanners.  You also have Phishing Protection which Scans Web Pages.

Could you Post a Screen Shot of the Details of the I.P. [Intrusion Prevention] you are getting.  Remember to block out the I.P. Addresses.  Also, what Version of N.I.S. are you using?  Thanks!

Message Edited by Floating_Red on 12-22-2008 02:09 PM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Intrusion Blocked

Is it like your DSL box (196.8.0) showing up on your connection log every 3-4 minutes?

or

are you getting messages in your activity log that says unsused port blocking has blocked.............?

Kudos0

Re: Intrusion Blocked

Hardware router is the best line of defense... not perfect, they can be hacked but not as easy as software firewalls. You only need software firewalls for blocking any nasty sending outgoing, if you use a router. Much as I like NIS I would not trust it 100% without a router that does stateful packet inspection.  Yeah you could be getting false positive hits from your isp, with all the traffic shaping/deep packet tech they are using, it's showing up in IDS logs from AV vendors (on my test machine, my ESET logs are filled with supposed intrusions of dns posioning from my isp's dns servers).
Kudos0

Re: Intrusion Blocked

______________________________________________

I am new to the board, so I am not sure if this is the right section to be posting this topic in. I apologize if it isn't in advance.

 

I have a few questions about intrusion prevention. I am wondering why my computer keeps being attacked randomly by the same IP addy almost every time? It is always blocked when they try. I traced the IP addy and got an address from the same city in which I live. It is coming from a business building, but the suite number that it is attacking from as far as I know is not an actual business like many others in the building. Is it possible that this may be a hacker? I find it weird that it is almost always from the same IP. Should I change my IP? Will this deter this "person" from trying to attack my computer if I do? Also, why is this happening so often? I am very computer savvy so any help anyone can give me would be great. Thanks in advance!

____________________________________________________________________________

 

Hi,

 

Changing the IP might as well do the trick and you can check block all stealthed ports.

 

The source IP from which the attack originates, might be a zombie and I won't be surprised if it is. Anyways, the reasons for such attacks that are attempted are countless. For who knows the IP from where the attack originates might as well would have been compromised.

 

Nonetheless, you can be rest assured that you're protected. NIS has a feature called Auto-Block, which automatically blocks the computer from which the intrusion attempts originate. If the same IP attempts to intrude into your computer more than twice in a row, Auto-block feature blocks all traffic from the computer. However, if you are continuosly stalked by the IP that you mentioned, create a firewall rule to block all traffic from that IP or set the Auto-Block feature to block it for 48 hours (just to be extra safe).

 

Hope this helps.

 

-MbR

 

 

 

 

 

"Mythbuster is now a SUPER keylogger crusher" - MbR
Kudos0

Re: Intrusion Blocked

Auto-Block is a Feature whereby, if an Intrusion is Blocked, the Auto-Block Feature, if Turn On which it should be, will Block the Attacking computer from accessing your computer for a limited amount of time.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Intrusion Blocked

When an attack from the network is detected by Intrusion Prevention, it places the attacking computer’s IP address in the “AutoBlock” list so that the firewall will automatically reject. While a computer’s IP address is in the AutoBlock zone, it cannot establish a connection. By default, the attacking computer will be placed in the AutoBlock zone for 30 minutes.  After that time AutoBlock removes it from the list and Norton program will allow traffic from that IP again.Message Edited by yogesh_mohan on 12-23-2008 09:11 PM
Kudos0

Re: Intrusion Blocked

Hi NAVUser,

 

Sorry for late reply to your post. This alert indicates that your Intrusion prevention component in your Norton 2009 product has successfully detected and blocked an attempt to access your computer. The attempt can come from a legitimate source such as a web enabled program that you use. It can also come from an unwanted intrusion attempt. Confirm whether the attacking IP address is really attempting to hack into your computer(may be some malicious program in that computer attempts without the knowledge of the user), your ISP can help you better in that. This alert is on by default. If you do not want to be alerted, then you can turn off the Intrusion Prevention notifications:
1. Start your Norton 2009 program.
2. In the Internet section, click Settings.
3. Under Intrusion Prevention, if Notification Alerts shows On, click the status indicator to turn it Off.

 

Yogesh

Kudos0

Re: Intrusion Blocked

Thanks so much for all of your replies. I appreciate you all taking the time to help me. I will look into all of these things you all have mentioned. Thanks again everyone and happy holidays's to you all! Be safe :)
Kudos0

Re: Intrusion Blocked


NAVUser wrote: 
Thanks again everyone and happy holidays's to you all!

Have a good one as well.


NAVUser wrote: 
I will look into all of these things you all have mentioned.

Let us know how you get on!

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Intrusion Blocked

You cannot change you IP. Do you have a hardware firewall such as a router?
Real Time Protection = NIS 2009 + NATBehavior Analysis = ThreatfireOn Demand = MBAM

Replies are locked for this thread.